Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

11/30/2011
03:07 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Symantec Survey Finds Rapid Adoption Of Encryption By Enterprises Coupled With Growing Pains

However, the survey also discovered that encryption solutions are fragmented

MOUNTAIN VIEW, Calif. – Nov. 30, 2011 – Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2011 Enterprise Encryption Trends Survey, which found enterprises are securing data with encryption in more places than ever. However, the survey discovered that encryption solutions are fragmented, creating risk for organizations from the lack of centralized control of access to sensitive information and disrupting critical processes such as e-discovery and compliance monitoring. In fact, the inability to access important business information due to fragmented encryption solutions and poor key management is costing each organization an average of $124,965 per year.

“While many organizations understand the importance of encrypting their data, issues with key management and multiple point products can give them inconsistent visibility into what has been protected,” said Joe Gow, director, product management, at Symantec. “As the Enterprise Encryption Trends survey demonstrates, encryption needs to evolve from a fragmented protection historically implemented at the line of business level to a capability that is managed as a core component of organizations’ IT security operations.”

Survey Highlights:

Encryption use is growing rapidly but fragmented. Forty-eight percent of enterprises increased their use of encryption over the past two years. The respondents state that almost half of their data is now encrypted at some point in its lifecycle. The typical organization reports they have five different encryption solutions deployed. Use of encryption in rogue projects. According to the survey, one-third of respondents said unapproved encryption deployment is happening on a somewhat to extremely frequent basis. Because these projects are not necessarily following the company’s best practices, 52 percent of organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). In addition, 26 percent have had former employees who have refused to return keys. Organizations express concerns about key management. Organizations are not very confident in their ability to effectively manage encryption keys. Forty percent are less than somewhat confident they can retrieve keys. Thirty-nine percent are less than somewhat confident they can protect access to business information from disgruntled employees. Encryption point product issues costing enterprises. All of the organizations reporting encryption key issues incurred some sort of related costs. The most common costs include inability to meet compliance requests (48 percent), inability to respond to eDiscovery requests (42 percent), and inability to access important business information (41 percent). In addition, the average loss from encryption-related issues is $124,965 per year.

Symantec Recommendations:

Symantec recommends the following for organizations to build a plan that avoids some of the pitfalls seen by the survey respondents.

Understand the lifecycle for encryption processes and anticipate challenges involved with protecting data in an increased number of places. Plan a data recovery process that meets your organization’s needs and accounts for the ability to sever access to data in cases of disgruntled employees and former employees. Build a plan for consistent enterprise-wide encryption and key management prior to deploying encryption. Encrypt assets, starting with email, laptops and mobile devices, before experiencing a data breach. Anticipate the effects of mobility and cloud computing and the need to encrypt data stored outside of the enterprise, including file shares and cloud storage.

Symantec’s Enterprise Encryption Trends Survey

Symantec’s Enterprise Encryption Trends Survey is the result of research conducted in September 2011 by Applied Research, which surveyed C-level, tactical management, and strategic management. The report was designed to examine encryption use within enterprise organizations. The survey included 1,575 organizations from 37 countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific, and Latin America.

Resources

2011Enterprise Encryption Trends Survey (PDF) Infographic: Can IT Keep Up With Encryption Explosion? (PDF) SlideShare: 2011 Enterprise Encryption Trends Survey

Connect with Symantec

Follow Symantec on Twitter Join Symantec on Facebook Subscribe to Symantec News RSS Feed View Symantec’s SlideShare Channel View Symantec Connect Business Community

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.